 Warning - yahoo might be vulnerable to this code

dogsbum
NN's whore


Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls


Posted: Wed Mar 17, 2010 11:42 pm

Hey all

One of my lads got clever and sent a reply with hidden code (link).

I was tired and clicked without thinking ...Embarassed

This was in it ... DO NOT CLICK LINK - DO NOT CLICK LINK
    Code:
    http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&sort=date&order=down&startMid=0&filterBy=&.rand=211591725&midIndex=2&mid=1_18266_AIhuUtQAAV4%2BS5%2FuewMlwC6wqCw&enc=auto&cmd=msg.scan&pid=2&tnef=&fn=SWEETGIRL.JPG


It opened up a browser tab with my yahoo mail account ... which sucks.

What does the code do and is my account about to be hijacked?

_________________
DogsBum

<a href="/forum/donate.php">[Make a lad cry today and God will reward you.]</a>
* Help Keep Eater Running - Click here to donate
Zombie or Steward (real) returns - you decide.
Steward is a Delete sensitive material regarding identity - Steward

Exproba tuos pusiones saepe et quam saevissime!
(Slap lads often and as hard as possible!!)

Miseria et tardum letium omnibus factoribus doli!
(Woe and a slow death to all scammer lads!)
(Thanks Otterfan for the Latin)
Fowan Nyne
Baiting Guru


Joined: 12 Aug 2009
Posts: 3720
Location: Miniluv


Posted: Thu Mar 18, 2010 12:27 am

The giveaway is "fr.mc249.mail.yahoo.com"
Generally, the first part of the address (before the slash) is the legit side.
I don't think that this address belongs to Yahoo.

If you didn't login, you'll be fine. If you did, I suggest cleaning up and changing any passwords that might be associated with this account.
Your mentor (having the experience that she does) will, I'm sure, be able to advise on this.

_________________
Closed lad accounts ponyGoatMortarMc FryPurple Flower
Easter Egg I can't wait for 'Eater Easter!
TV Star Find out about Rental Scams

"Note I am very weak by straight"
"Did you want to cheat me or play on my intelligent?"
"All necessary preparation for the movement of the stool are in the pipe line" - Stan "the man" Agbley

Click here to see a proper scam

dogsbum
NN's whore


Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls


Posted: Thu Mar 18, 2010 12:32 am

^^^ Thanks 419 ...

And there is the rub. I was logged in ... and it did pull up my yahoo mail.
But I can't see anything that was sent ... which sorta might be good.

If the hack effort (which is what I believe it is) opened my email account then
they *maybe* can reset my password and lock me out entirely.
Or email everyone in the contact list ... not a desperate loss since most are lads anyhoo.

We hear about this sort of thing from victims all the time. OMFG ... I am a victim Embarassed

Grrrrr ... oh this cow so has got to die! I feel a mass bait in the making .. Twisted Evil

bobdemol
Baiting Guru


Joined: 30 Dec 2008
Posts: 2113
Location: Belgium


Posted: Thu Mar 18, 2010 12:33 am

I don't think you need to worry. I checked the link and I was offered Ymail login page. When I logged in with one of my accounts I got a screen saying that the message cannot be found.
The code refers to an image file in JPG format.

_________________
yOU WICKED AND EVIL MAN,PERISH TO HELL WHERE YOU BELONG - Obinna

You have made me get to take my drugs. -Claude Dominique after ticking over 1000 boxes-

FOR THE LAST TIME DONT EVER SENT ME EMTY SLIP AGAIN -Barrister Mustapha-

why must you act like childish game. -Eng Uzeze-

why are u so stupid and fullish like that go to hall. u idiot - Topman Stephen

LOOK AM SICK AND TYRED WITH ALL THIS TAMBAMBLING OF YOUR. -Barr. Bulunga-
Penguin Easter Egg Easter Egg 2013 Goat Closed lad accounts Nigeria Ghana Mortar Sand Timer Cellphone Tattoo Safari Safari Linos: Togo-Benin Safari Mike Obidi: Onitsha-Lagos-Accra (1800KM/1120Miles)
Safari Felix: Accra-Lomé (x3)
Pic of a beer drinking goat
Technomancer
Master of Master Baiters


Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net


Posted: Thu Mar 18, 2010 1:02 am

Hmm, a tech-savvy lad?
I've been hoping to run into one of them at some point. My technomantic skills are pretty much wasted on the average lad Wink

_________________
***************
* TechnomanceR *
***************

-------------------------------------------------------
I went to the Mr Biggs' drive-in...
Nurse Nastys Audi TT And all I got was this lousy Easter Egg with fries! Easter Egg Mc Fry

Closed lad accounts x1
dogsbum
NN's whore


Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls


Posted: Thu Mar 18, 2010 1:39 am

^^^ Hey Technomancer ... burn this fucker please Very Happy
This insult upon the Eater community must not go unanswered.
@ bobdemol ... thanks dude. I really really really loathe techno-lads. Really.

I think we should get him to milk bulls ... lots of bulls.

Header FYI wrote:
Delivered-To: [email protected]
Received: by 10.231.172.213 with SMTP id m21cs319851ibz;
Wed, 17 Mar 2010 09:49:50 -0700 (PDT)
Received: by 10.142.210.18 with SMTP id i18mr571310wfg.179.1268844586938;
Wed, 17 Mar 2010 09:49:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from n22.bullet.mail.ukl.yahoo.com (n22.bullet.mail.ukl.yahoo.com [87.248.110.139])
by mx.google.com with SMTP id 7si11846211pzk.104.2010.03.17.09.49.45;
Wed, 17 Mar 2010 09:49:45 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 87.248.110.139 as permitted sender) client-ip=87.248.110.139;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 87.248.110.139 as permitted sender) [email protected]; dkim=pass (test mode) [email protected]
Received: from [217.146.182.180] by n22.bullet.mail.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
Received: from [87.248.110.203] by t6.bullet.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
Received: from [127.0.0.1] by omp233.mail.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 78073 invoked by uid 60001); 17 Mar 2010 16:49:43 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1268844583; bh=EiUhMmR1EVX5lbQ6CyFnd9nE6dB/r8lxQ8/YEsC3X/8=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:In-Reply-To:MIME-Version:Content-Type;

Message-ID: <[email protected]>
X-YMail-OSG: tH0kUTgVM1kNQQdy2H6OiDsJ55XyHodTb9UqIu38IhnK06V
GVfL1M.iCv_XRiDXnOtlh2E_.kMpqCw1hdwf_tlmYpgqsY0EDaW4hDLSRefQ
AX.GQuabDAePqzJRCU3MB5iggp7_xVJAwj9SeApfcnfOaVc.XSuTLeRNVr8.
6
JcvrfPErGeM6lMX43Lllm2Uaa1RryGuZTQV59XcQ-
Received: from [41.208.135.99] by web24908.mail.ird.yahoo.com via HTTP; Wed, 17 Mar 2010 09:49:43 PDT
X-Mailer: YahooMailClassic/10.0.8 YahooMailWebService/0.8.100.260964
Date: Wed, 17 Mar 2010 09:49:43 -0700 (PDT)
From: Morine Ogwo <[email protected]>
Subject: I HOPE TO HERE FROM YOU
To: Ima Hunt <[email protected]>
In-Reply-To: <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-1585706-1268844583=:77846"

--0-1585706-1268844583=:77846
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

Code:
SWEETGIRL.JPG=0A               =20
My Dear
I am more than happy in your reply to my mail
How is=0Ayour day?. Mine is a bit colder here in Dakar Senegal..My I Ogwo M=
orin=0Aname is 23 years of Sudan, in Africa, 5.11ft tall, Fair in complexio=
n,=0A(never married before) and am currently residing in the refugee camp h=
ere in Dakar as a result of the administration
=0Awar in country.My my late father was Dr. Ogwo management
Ogwo=0Adirector and Associates (Ltd), and was the personal advice to the=0A=
former head of state before the rebels attacked our house one early=0Amorni=
ng and killed
=0Amy mother and father in cold blood.It only now that I was alive and mana=
ged to make my way to a near by country Senegal, where I am now living in a=
 refugee
=0Acamp, and this team is owned by a revrend that is incharge of a church h=
ere in the camp.
I=0Awould like to know more about you.Your likes and dislikes, your hobbies=
=0Aand what you are doing presently..I will tell you more about myself in=
=0Amy next mail.
=0AAttached here is my picture.
Waiting to hear from you as soon as possible
Morine


--- En date de=A0: Mer 17.3.10, Ima Hunt <[email protected]> a =E9crit=A0:

De: Ima Hunt <[email protected]>
Objet: Re: HELLO
=C0: "Morine Ogwo" <[email protected]>
Date: Mercredi 17 mars 2010, 8h30

Hi Morine

Odd that you did not include any pics with your email.

I like both men and women.

What next?

Ima

On 15 March 2010 06:06, Morine Ogwo <[email protected]> wrote:
=0A=0A
My name is Morine ogwo I am a girl, I saw your profile www.=A0 in here and =
my spirite ask me to contact you about this important issue so please, I wo=
uld like you to send me mail here ([email protected]), so that i will t=
ell you about the important issue and also give you my sweet picture. I am =
waiting for your urgent and immediate reply thank you
=0Amorine ogwo


=0A=0A=0A=0A=0A     =20
=0A=0A=0A=0A     
--0-1585706-1268844583=:77846
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=3D"=
top" style=3D"font: inherit;"><div class=3D"row"><ul class=3D"tmbnails clea=
rfix"><li class=3D"img"><a class=3D"imgname" href=3D"http://fr.mc249.mail.y=
ahoo.com/mc/showMessage?fid=3DSent&sort=3Ddate&order=3Ddown&sta=
rtMid=3D0&filterBy=3D&.rand=3D211591725&midIndex=3D2&mid=3D=
1_18266_AIhuUtQAAV4%2BS5%2FuewMlwC6wqCw&enc=3Dauto&cmd=3Dmsg.scan&a=
mp;pid=3D2&tnef=3D&fn=3DSWEETGIRL.JPG" title=3D"SWEETGIRL.JPG"><img=
 alt=3D"SWEETGIRL.JPG" src=3D"http://thumbp2.mail.vip.ird.yahoo.com/tn?sid=
=3D69805794405104698amp;fid=3DSent">SWEETGIRL.JPG</a></l=
i></ul></div>=0A                <br>My Dear<br>I am more than happy in your=
 reply to my mail<br>How is=0Ayour day?. Mine is a bit colder here in Dakar=
 Senegal..My I Ogwo Morin=0Aname is 23 years of Sudan, in Africa, 5.11ft ta=
ll, Fair in complexion,=0A(never married before) and am currently residing =
in the <span><span><span><span style=3D"background: transparent none repeat=
 scroll 0% 0%; -moz-background-clip: border; -moz-background-origin: paddin=
g; -moz-background-inline-policy: continuous;">refugee camp</span></span></=
span></span> here in <span><span><span><span>Dakar</span></span></span></sp=
an> as a result of the administration<br>=0Awar in country.My my late fathe=
r was Dr. Ogwo management<br>Ogwo=0Adirector and Associates (Ltd), and was =
the personal advice to the=0Aformer head of state before the rebels attacke=
d our house one early=0Amorning and killed<br>=0Amy mother and father in co=
ld blood.It only now that I was alive and managed to make my way to a near =
by country <span><span><span style=3D"background: transparent none repeat s=
croll 0% 0%; -moz-background-clip: border; -moz-background-origin: padding;=
 -moz-background-inline-policy: continuous;"><span>Senegal</span></span></s=
pan></span>, where I am now living in a <span><span><span><span style=3D"ba=
ckground: transparent none repeat scroll 0% 0%; -moz-background-clip: borde=
r; -moz-background-origin: padding; -moz-background-inline-policy: continuo=
us;">refugee<br>=0Acamp</span></span></span></span>, and this team is owned=
 by a revrend that is incharge of a church here in the camp.<br>I=0Awould l=
ike to know more about you.Your likes and dislikes, your hobbies=0Aand what=
 you are doing presently..I will tell you more about myself in=0Amy next ma=
il.<br>=0AAttached here is my picture.<br>Waiting to hear from you as soon =
as possible<br>Morine<br><br><br>--- En date de&nbsp;: <b>Mer 17.3.10, Ima =
Hunt <i>&lt;[email protected]&gt;</i></b> a =E9crit&nbsp;:<br><blockquote =
style=3D"border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding=
-left: 5px;"><br>De: Ima Hunt &lt;[email protected]&gt;<br>Objet: Re: HELL=
O<br>=C0: "Morine Ogwo" &lt;[email protected]&gt;<br>Date: Mercredi 17 =
mars 2010, 8h30<br><br><div id=3D"yiv1511167597">Hi Morine<br><br>Odd that =
you did not include any pics with your email.<br><br>I like both men and wo=
men.<br><br>What next?<br><br>Ima<br><br><div class=3D"gmail_quote">On 15 M=
arch 2010 06:06, Morine Ogwo <span dir=3D"ltr">&lt;<a rel=3D"nofollow" ymai=
lto=3D"mailto:[email protected]" target=3D"_blank" href=3D"/mc/compose?=
[email protected]">[email protected]</a>&gt;</span> wrote:<br>=
=0A<blockquote class=3D"gmail_quote" style=3D"border-left: 1px solid rgb(20=
4, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><table border=
=3D"0" cellpadding=3D"0" cellspacing=3D"0"><tbody><tr><td style=3D"font-fam=
ily: inherit; font-style: inherit; font-variant: inherit; font-weight: inhe=
rit; font-size: inherit; line-height: inherit; font-size-adjust: inherit; f=
ont-stretch: inherit;" valign=3D"top">=0A<br>My name is Morine ogwo I am a =
girl, I saw your profile www.&nbsp; in here and my spirite ask me to contac=
t you about this important issue so please, I would like you to send me mai=
l here (<a rel=3D"nofollow" ymailto=3D"mailto:[email protected]" target=
=3D"_blank" href=3D"/mc/[email protected]">[email protected]=
oo.com</a>), so that i will tell you about the important issue and also giv=
e you my sweet picture. I am waiting for your urgent and immediate reply th=
ank you<br>=0Amorine ogwo<br><br></td></tr></tbody></table><br>=0A=0A=0A=0A=
=0A      </blockquote></div><br>=0A</div></blockquote></td></tr></table><br=
>=0A=0A=0A=0A=0A     
--0-1585706-1268844583=:77846--

Damn this email has some nasty stuff ... links deactivated. Might default to read emails as text only just to be safe and sure.

BTW, Ima Hunt is the sister of Mike Hunt Very Happy She likes it both ways.

The lad's IP is based in Senegal - 41.208.135.99
Email address: Morine Ogwo <[email protected]>

Avenge teddy!!

Mod edit - deleted domain key to eliminate forum blowout. - JF

View user's profileSend private messageSkype Name
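A way to read the originating hop and the link targets out of a raw message like the one quoted in the post above, added here as an example; it is not part of the original post. The sample message is constructed: its `Received` lines are trimmed from the quoted headers, the addresses are placeholders, and the function names are this example's own.

```python
import email
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: three Received lines trimmed from the headers quoted
# above, placeholder addresses, and a short HTML part in the same
# quoted-printable style as the original message.
SAMPLE = """\
Received: from n22.bullet.mail.ukl.yahoo.com (n22.bullet.mail.ukl.yahoo.com [87.248.110.139])
 by mx.google.com with SMTP; Wed, 17 Mar 2010 09:49:45 -0700 (PDT)
Received: from [127.0.0.1] by omp233.mail.ukl.yahoo.com with NNFMP; 17 Mar 2010 16:49:43 -0000
Received: from [41.208.135.99] by web24908.mail.ird.yahoo.com via HTTP; Wed, 17 Mar 2010 09:49:43 PDT
From: Sender <sender@example.com>
To: Recipient <recipient@example.com>
Subject: I HOPE TO HERE FROM YOU
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset=iso-8859-1

Attached here is my picture.
--b1
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable

<a class=3D"imgname" href=3D"http://fr.mc249.mail.y=
ahoo.com/mc/showMessage?fid=3DSent&amp;fn=3DSWEETGIRL.JPG">SWEETGIRL.JPG</a>
--b1--
"""

HOP = re.compile(r"^from\s+(?P<src>.+?)\s+by\s+(?P<by>\S+)", re.I)
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def received_hops(raw):
    """Return the 'from ... by ...' hops, earliest first.

    Each server prepends its own Received line, so the header closest to
    the body is the first hop the message took.
    """
    msg = email.message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(str(value).split())      # undo header folding
        match = HOP.match(text)
        if not match:
            continue                             # e.g. "by 10.x.x.x with SMTP id ..."
        ips = BRACKETED_IP.findall(match.group("src"))
        hops.append({"ip": ips[-1] if ips else None,
                     "recorded_by": match.group("by")})
    return hops


def origin_hop(raw):
    """Return the earliest hop whose source is a public IP address."""
    for hop in received_hops(raw):
        try:
            if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
                return hop
        except ValueError:
            continue                             # bracketed text was not an IP
    return None


class _Hrefs(HTMLParser):
    """Collect the href of every <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def link_hosts(raw):
    """Decode each text/html part and return the host of every link in it."""
    msg = email.message_from_string(raw)
    hosts = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, "replace")
        parser = _Hrefs()
        parser.feed(html)                        # also resolves &amp; in attributes
        hosts += [urlsplit(h).hostname for h in parser.hrefs]
    return hosts


if __name__ == "__main__":
    print("origin:", origin_hop(SAMPLE))
    print("links :", link_hosts(SAMPLE))
```

The bottom-most hop can be relied on here because it was recorded by Yahoo's own web front end and the quoted headers show SPF and DKIM passing for yahoo.com; `Received` lines written before the first server you trust can be forged.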
Total Wipeout
Not quite a Newb


Joined: 19 Aug 2009
Posts: 78


Posted: Thu Mar 18, 2010 6:54 am

I had a lad try to phish my log in last week with this http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html

It's a fake Yahoo login, but he said my gmail details would open it up for me. Laughing

Presumably the back end logs all the username and pw login attempts. But who gets the info? The lad I was dealing with was thick as sh!te, so either one of his crew has created this or someone from outside is offering the service.

Someone in ladland is being very naughty! Evil or Very Mad
Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Thu Mar 18, 2010 8:45 am

I'd say the lad has sent you an embedded image (sweetgirl.jpg) and the link is what Yahoo Mail has made out of it. The random characters in that link identify your Yahoo session and the image file to be displayed. No need to worry.

_________________
Whoever said you can't touch happiness has never petted a dog.

Elite Ninja Team Member Easter Egg 2012 Goat Golden Goat Purple Flower Penguin
(United States United Kingdom Benin China Nigeria) x10 __ x?
dogsbum
NN's whore


Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls


Posted: Thu Mar 18, 2010 8:59 am

Thanks all Very Happy

So I gather that I can remove all of the cellophane / tinfoil from my head? Embarassed

Forgot this ... might be useful for context.

I read the email from within an IE 8 tab - using my GMAIL bait account.
Yahooey mail was open in another tab but did not have focus and did not contain the nasty email.
Clicky on SWEETGIRL.JPG opened yet another tabbed instance of yahooey mail.
No warning message about the errant JPG object or anything else for that matter.
Teddy ran and hid. Embarassed

See ... this is what I get for doing something so utterly unforgivably dumbass.
And now you know why I run and hide from techno-lads.
They can pinch your kidney while you sleep and you would never know.

bobdemol
Baiting Guru


Joined: 30 Dec 2008
Posts: 2113
Location: Belgium


Posted: Thu Mar 18, 2010 9:20 am

Quote:
So I gather that I can remove all of the cellophane / tinfoil from my head?


Yes but only after the weekend Laughing

Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Thu Mar 18, 2010 9:24 am

Also, your tinfoil design may be flawed. If you just post a few pictures of you wearing it, we'll be happy to help you make it impenetrable.

Technomancer
Master of Master Baiters


Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net


Posted: Thu Mar 18, 2010 9:29 am

I followed that link you posted out of curiosity... And my hard drive exploded! Shocked



(hehe, just kidding Wink ).
I got the login page too, but I think it is a Yahoo one. Possibly he's sent you an image stored on a Yahoo account that you need a login to see, but I'm not entering my password to find out, just in case.
Might try baiting him and see if he sends me the same thing...

Come-On
Not quite a Newb


Joined: 10 Jun 2009
Posts: 39


Posted: Thu Mar 18, 2010 1:24 pm

bobdemol wrote:
I don't think you need to worry. I checked the link and I was offered Ymail login page. When I logged in with one of my accounts I got a screen saying that the message cannot be found.
The code refers to an image file in JPG format.


If you signed in to your Yahoo Mail with this log-in form you very well may have given out your email address and password. If you look at the source code you will see this > > >

<FORM name=login_form onsubmit="return hash2(this)"
action=data.php method=post

Those are "form fields" on this Yahoo log-in page. (Yahoo email address, Yahoo password) that once filled in by you, the form field input is being sent somewhere which means to someone. If I were you, I would change your password ASAP. The fact you got a screen saying that the message can't be found is part of the phishing attempt. This really is not a log-in page for Yahoo, it is a COPY of one set up to phish. Change your password!

_________________
* Help Keep Eater Running - Click here to donate
<br>
i really really needed you but you make me feel like a big foul. you make me feel like am stupid and i have not done anything wrong. i have never seen things like this before in my life.
why did act so u are hurting me girl? belive me i love u so much ? but i dont no why u always hurt me i will make evry endevure to do this for at least to make u happy
Come-On
Not quite a Newb


Joined: 10 Jun 2009
Posts: 39


Posted: Thu Mar 18, 2010 1:38 pm

Total Wipeout wrote:
I had a lad try to phish my log in last week with this http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html

It's a fake Yahoo login, but he said my gmail details would open it up for me. Laughing

Presumably the back end logs all the username and pw login attempts. But who gets the info? The lad I was dealing with was thick as sh!te, so either one of his crew has created this or someone from outside is offering the service.

Someone in ladland is being very naughty! Evil or Very Mad


Someone is being VERY NAUGHTY. It may be this lad or a smarter lad getting the input but I really think someone is getting the input. As far as I can tell from the source code these form fields are live. I'm no expert so maybe someone else can take a look, but in the meantime, if anyone has used this Yahoo sign-in out of curiosity and put your REAL password in, CHANGE YOUR PASSWORD.

Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Thu Mar 18, 2010 2:00 pm

Quote:
If you signed in to your Yahoo Mail with this log-in form you very well may have given out your email address and password.


You mean this link?
Code:
http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&sort=date&ord...d=2&tnef=&fn=SWEETGIRL.JPG

This one points to a Yahoo server and thus can be assumed to be safe. If you're not currently logged into Yahoo it will redirect you to the real Yahoo login page (notice how the URL starts with https:// and check the SSL certificate).

This one
Code:
http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html

on the other hand will steal your login.

Come-On
Not quite a Newb


Joined: 10 Jun 2009
Posts: 39


Posted: Thu Mar 18, 2010 2:14 pm

Quote:
This one
Code:
http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html

on the other hand will steal your login.


Yes, this is the link I'm referring to.

Come-On
Not quite a Newb


Joined: 10 Jun 2009
Posts: 39


Posted: Thu Mar 18, 2010 2:29 pm

Bankster wrote:
Quote:
If you signed in to your Yahoo Mail with this log-in form you very well may have given out your email address and password.


You mean this link?
Code:
http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&sort=date&ord...d=2&tnef=&fn=SWEETGIRL.JPG

This one points to a Yahoo server and thus can be assumed to be safe. If you're not currently logged into Yahoo it will redirect you to the real Yahoo login page (notice how the URL starts with https:// and check the SSL certificate).

This one
Code:
http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html

on the other hand will steal your login.


Actually, after following the first link in your post I think that one is a phishing page as well as the second link being a phishing page. Once the first link is clicked, this is what is in the browser bar > > >
https://login.yahoo.com/config/login_verify2?.src=ym&.done=http%3A%2F%2Ffr.mc249.mail.yahoo.com%2Fmc%2FshowMessage%3Ffid%3DSent%26amp%3Bsort%3Ddate%26amp%3Border%3Ddown%26amp%3BstartMid%3D0%26amp%3BfilterBy%3D%26amp%3B.rand%3D211591725%26amp%3BmidIndex%3D2%26amp%3Bmid%3D1_18266_AIhuUtQAAV4%252BS5%252FuewMlwC6wqCw%26amp%3Benc%3Dauto%26amp%3Bcmd%3Dmsg.scan%26amp%3Bpid%3D2%26amp%3Btnef%3D%26amp%3Bfn%3DSWEETGIRL.JPG

At first glance it looks legitimate but if you follow the URL to the end, you can see it is not legitimate. And also, the form fields on this yahoo log-in page are live so I think this is also a phishing page.

Like I said I'm not an expert but I am very much suspicious of both of these links. Hopefully someone else will look and either confirm what I think or set me straight.

Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Thu Mar 18, 2010 4:35 pm

Well, the domain name ends in .yahoo.com in all cases, so if it's a phishing page somebody would have to have hacked Yahoo's DNS servers, redirected the domains in question to their own rogue servers and copied Yahoo's entire web environment.
An XSS (cross-site scripting) attack would require you to click on a link on a malicious web page. This is not the case here as you start out with a Yahoo page.
So in order to phish somebody's login using these links, you'd need to sit on Yahoo's servers or hijack their entire internet connection.

Come-On
Not quite a Newb


Joined: 10 Jun 2009
Posts: 39


Posted: Thu Mar 18, 2010 4:51 pm

Bankster wrote:
Well, the domain name ends in .yahoo.com in all cases, so if it's a phishing page somebody would have to have hacked Yahoo's DNS servers, redirected the domains in question to their own rogue servers and copied Yahoo's entire web environment.
An XSS (cross-site scripting) attack would require you to click on a link on a malicious web page. This is not the case here as you start out with a Yahoo page.
So in order to phish somebody's login using these links, you'd need to sit on Yahoo's servers or hijack their entire internet connection.


That makes sense what you wrote, unless someone used the words yahoo.com as a sub-domain but if that were the case the URL would have the domain name somewhere in the link too.

Bankster
Lab Rat


Joined: 22 Jun 2007
Posts: 2239
Location: Gone for a while.


Posted: Thu Mar 18, 2010 4:53 pm

Quote:
unless someone used the words yahoo.com as a sub-domain but if that were the case the URL would have the domain name somewhere in the link too.

That, and the domain name would look like yahoo.com.cheaphosting.1337h4x0r.com.cn. Wink

View user's profileSend private messageSkype Name
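The checks argued over in the posts above (which host a link really names, where the `.done` parameter sends you after sign-in, and where a login form posts its fields), written out as an added example that is not part of the thread. It assumes the `<FORM>` fragment quoted earlier came from the page at the bare IP address, which the thread states only indirectly; the input fields, the shortened query strings and all function names are this example's own.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

TRUSTED_DOMAIN = "yahoo.com"  # the domain the thread is trying to verify


def classify_host(url, trusted=TRUSTED_DOMAIN):
    """Label a URL's host: 'trusted', 'ip-literal', 'lookalike' or 'other'."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return "ip-literal"      # no domain name at all
    except ValueError:
        pass
    if host == trusted or host.endswith("." + trusted):
        return "trusted"         # trusted name forms the right-most labels
    if trusted in host:
        return "lookalike"       # trusted name appears, but further left
    return "other"


def redirect_targets(url, params=(".done",)):
    """Return the URLs carried in return-address parameters such as .done."""
    query = parse_qs(urlsplit(url).query)
    return [value for name in params for value in query.get(name, [])]


class _LoginForms(HTMLParser):
    """Collect the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self._action = None      # action of the form currently open, if any
        self.actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._action is not None and self._action not in self.actions:
                self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def credential_destinations(page_url, html):
    """Resolve each password form's action against the page it was served from."""
    parser = _LoginForms()
    parser.feed(html)
    return [urljoin(page_url, action) for action in parser.actions]


# URLs quoted in the thread; the query strings of the first two are shortened.
ATTACHMENT_URL = "http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&fn=SWEETGIRL.JPG"
LOGIN_URL = ("https://login.yahoo.com/config/login_verify2?.src=ym"
             "&.done=http%3A%2F%2Ffr.mc249.mail.yahoo.com%2Fmc%2FshowMessage%3Ffid%3DSent")
IP_LOGIN_URL = "http://69.175.126.170/~cheryla2/likakak1/smileys5/yahoo.html"
LOOKALIKE_URL = "http://yahoo.com.cheaphosting.1337h4x0r.com.cn/"

# Constructed page body: the <FORM> tag is the fragment quoted in the thread,
# the input fields are invented for the example.
IP_LOGIN_HTML = """<FORM name=login_form onsubmit="return hash2(this)"
action=data.php method=post>
<input name=login type=text><input name=passwd type=password>
</FORM>"""

if __name__ == "__main__":
    for url in (ATTACHMENT_URL, LOGIN_URL, IP_LOGIN_URL, LOOKALIKE_URL):
        print(f"{classify_host(url):10} {url}")
    for target in redirect_targets(LOGIN_URL):
        print("after sign-in ->", classify_host(target), target)
    for dest in credential_destinations(IP_LOGIN_URL, IP_LOGIN_HTML):
        print("password posted to ->", classify_host(dest), dest)
```

A "trusted" label only says the name belongs under yahoo.com; the https:// and certificate check mentioned earlier in the thread is what ties that name to the real server.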
Total Wipeout
Not quite a Newb


Joined: 19 Aug 2009
Posts: 78


Posted: Thu Mar 18, 2010 6:10 pm

So this sounds like quite a sophisticated phishing site. However, the dick who sent me that link was REALLY not the brightest bulb in the candelabra. How did he have access to it? He couldn't have created it. But he seems to have been given access to (or a one off use of) the results of my login attempt. That's kinda weird. I've been playing with the lads for years and never come across the potential co-operation that this sort of set up would require.....unless I'm looking at it from the wrong angle of course.

BTW if anyone is wondering, no I didn't try to log in. Wink
Technomancer
Master of Master Baiters


Joined: 08 Dec 2009
Posts: 671
Location: Sailing the infinite sea of the Net


Posted: Thu Mar 18, 2010 7:51 pm

^^^
Might have a friend who knows about such things. Or he could be part of a bigger gang with better tech support.

Either way, sounds like a definite candidate for high priority target practice... Twisted Evil
Scammers who can pull tricks like this off can be trouble for real victims.

_________________
***************
* TechnomanceR *
***************

-------------------------------------------------------
I went to the Mr Biggs' drive-in...
Nurse Nastys Audi TT And all I got was this lousy Easter Egg with fries! Easter Egg Mc Fry

Closed lad accounts x1
Total Wipeout
Not quite a Newb


Joined: 19 Aug 2009
Posts: 78


Posted: Thu Mar 18, 2010 9:02 pm

^^^
Agreed, I think he needs our attention. The problem is I have no idea how I originally got contact with the fella. It could have been an ASEM or more likely he was referred to me by another lad. Either way his name is T0la Ch1ldress and if you Google his name you'll find quite a few hits (obviously the 0 and 1 should be o and i).

I think it would be a good idea to dig around with this bloke and see what's what.
dogsbum
NN's whore


Joined: 08 Jan 2010
Posts: 381
Location: under my desk - licking my balls


Posted: Thu Mar 18, 2010 9:23 pm

Technomancer wrote:
Or he could be part of a bigger gang with better tech support.

Either way, sounds like a definite candidate for high priority target practice... Twisted Evil
Scammers who can pull tricks like this off can be trouble for real victims.

Agreed and happy (sorta) to do a 'hunt, kill - destroy' number on techno-lads.

I think it best to do this from a Linux partition and spanky clean bait accounts though. (just my humble non tech opinion)
Hiding in plain sight is not new but it works. And I have no idea where to look for them nor what they are really after ... doubt this is really just about a scam. (China ???)

We may need a techno guru, probably a site killer ... and lubricant. Lots of lubricant. Embarassed
Perhaps a copy of Debbie Does Dallas too?

To our techno baiters colleagues ... is this one safe? Serious question.
RL victims would be a whole lot more vulnerable to this form of attack than (maybe) baiters ... which suggests we go hard on the lads. Bricks mandatory. Twisted Evil

manbiteslion
Baiting Guru


Joined: 12 Dec 2007
Posts: 4816
Location: Connecting my chair and keyboard


Posted: Thu Mar 18, 2010 9:38 pm

I've had a peep at the makeup of the link, and there's nothing to suggest to me you're dealing with anything but an incompetent lad. He probably copied the picture link from an email in Yahoo, without realising it was embedded and so only visible to his own account.

You clicked the link and your browser took you as close as it could - to Yahoo mail, and your browser cookie authenticated your account and took you straight in.

The link doesn't contain any hidden domains, the %2D and %2F do not URL Decode to an @, which could possibly trip up an older browser, but has been killed off for a good 5 years. (Techie bit - it was a way to pass ftp credentials to a server in a single link, and was cunningly abused, then killed)

I am pretty sure rather than a cyber-genius (who'd make more money working legit) you've got a muppet. Wink

_________________
Premium Wimp Convincer - Click Me!
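
The checks discussed in this thread (which part of a link is the host, a trusted name used as a sub-domain, text before an "@", and what the % escapes decode to), as an added example that is not part of any poster's message. The function names and verdict labels are assumptions of this example, and `phish.example` is a placeholder host.

```javascript
// Added example (not from the thread): report where a link really points.
// Sample URLs are constructed: the first is abridged from the link in the
// first post, the second uses the host from Bankster's reply, and
// phish.example is a placeholder.
const SAMPLES = [
  'http://fr.mc249.mail.yahoo.com/mc/showMessage?fid=Sent&mid=1_18266_AIhuUtQAAV4%2BS5%2FuewMlwC6wqCw&fn=SWEETGIRL.JPG',
  'http://yahoo.com.cheaphosting.1337h4x0r.com.cn/mc/showMessage?fid=Sent',
  'http://mail.yahoo.com@phish.example/mc/showMessage?fid=Sent',
];

function inspectLink(rawUrl, expectedDomain) {
  const url = new URL(rawUrl); // WHATWG URL parser, the rules browsers follow
  const host = url.hostname.toLowerCase();
  const expected = expectedDomain.toLowerCase();

  // The host is on the expected domain only if it equals it or ends with
  // "." + domain; the name appearing further left is just a sub-domain label.
  const onExpected = host === expected || host.endsWith('.' + expected);
  const nameAsSubdomain =
    !onExpected && ('.' + host + '.').includes('.' + expected + '.');

  // Decode each %XX escape in the raw link so an encoded "@" (%40) shows up.
  const escapes = {};
  for (const m of rawUrl.matchAll(/%([0-9A-Fa-f]{2})/g)) {
    escapes[m[0].toUpperCase()] = String.fromCharCode(parseInt(m[1], 16));
  }

  let verdict = 'other-domain';
  if (url.username !== '') verdict = 'userinfo-before-host'; // text before "@" is not the host
  else if (onExpected) verdict = 'expected-domain';
  else if (nameAsSubdomain) verdict = 'lookalike-subdomain';

  return {
    host,
    verdict,
    userinfo: url.username,
    escapes,
    encodedAt: Object.values(escapes).includes('@'),
  };
}

function inspectAll(expectedDomain) {
  return SAMPLES.map((u) => inspectLink(u, expectedDomain));
}

for (const r of inspectAll('yahoo.com')) console.log(r.verdict, r.host);
```
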
All Content © 2003 - 419Eater.com
Powered by phpBB © 2001, 2002 phpBB Group :S5: FI Theme :: All times are GMT